THE COMPTROLLER and Auditor General (CAG), John Buckley, last night disclosed that 16 laptop computers belonging to his office have been stolen since 1999.
He said he intended to ask the Data Protection Commissioner Billy Hawkes to conduct a detailed security audit of systems and procedures in his office.
It followed the disclosure yesterday that a laptop computer from the CAG's office went missing at a bus stop in July.
The laptop contained information that the Industrial Development Authority (IDA) had transferred to the CAG's office pertaining to grants and financial assessments for 2007.
It is understood the data files contained no information about business plans relating to individual companies.
Mr Hawkes is now conducting an investigation into the incident with the full co-operation of the CAG. The loss of the computer was reported early last month, the data commissioner's office added.
Maureen Mulligan, the CAG deputy head of audit corporate services, said last night the office employed an advanced system of data security for its 160 staff. This includes an encryption programme that was made available to all audits in 2007. The IDA also said the data it had transferred to the CAG was encrypted.
Ms Mulligan referred to other security measures, including USB memory sticks with encryption facilities, the use of passwords on all computers and curtailing the amount of data held on laptop computers.
The level of encryption on the missing computer will not be known until Mr Hawkes' office has completed its investigation, though the statement suggested it might only be password-protected.
Ms Mulligan said the nature of the office's examination and audit work required staff to visit the premises of the 350 public bodies they examine.
"The dispersions [of the public bodies] around the country and the extent of movement of staff introduces an exposure to theft and loss of equipment," she said.
Few details were available last night about the data or circumstances involved in the 16 computers that were stolen in a decade. Only one was recovered.
"The office acknowledges the need to manage any risk to the disclosure of client data and it very much regrets the loss of the equipment and any consequential risk that data, while held on password-protected equipment, could be improperly disclosed.
"There is no evidence that the office's systems were specifically targeted and, in all cases, the thefts appeared to have been opportunistic in nature.
"The office, therefore, considers the risk of injury or loss to data subjects is limited, taking account of the passage of time," said Ms Mulligan.
A spokeswoman for the IDA said the agency had a high level of protection for its data.
"We cannot comment on [this loss] until the investigation takes place," the spokeswoman said.
The confirmation of the missing laptop from the CAG's office is the second incident to have been highlighted this week.
Crates of documents containing personal details on clients were found next to a lift during an audit of the Department of Social and Family Affairs.
Government departments and agencies have been moving to improve encryption and data security in recent months, following a small number of incidents and a perception that some bodies were slow at embracing advanced technology to protect data and information.
